News Community Reacts to Apple vs FBI Story

[gjonesy]

The someone who will know how to access the contents of the phone without destroying the information is the person who created and entered the device password or key.

Well in this case the one who created the password is dead. And from what I've read apple says it can unlock the phone, they just don't want to because the main selling point of this phone is its encryption and security in other words if they crack it they destroy some credibility and confidence in the product (tisk tisk boohoo who really cares). As I said before if the FBI recruits some disgruntle apple employee with the right technical background and learns how to crack the phone themselves (especially if it can be done remotely) then we all are subject to having our iPhones cracked, privacy invaded without our knowledge. People with power usually abuse it, remember J. Edgar Hover ? He had dirt on everyone back in the day and he abused that power. I'd much rather a company that stands to lose business if they abuse that power able to look at my phone content, then have a branch of the government who can and will over step certain boundaries and perhaps use certain influences/manipulation having that ability. Apple has more to lose by not helping. Its only a matter of time before someone somewhere figures out how to crack that iPhone(maybe some computer kid that does it for fun and post a how to video on youtube) and then hackers are going to have a field day.

 

[Borg]

Apple has more to lose by not helping. Its only a matter of time before someone somewhere figures out how to crack that iPhone(maybe some computer kid that does it for fun and post a how to video on youtube) and then hackers are going to have a field day.

What difference does it make whether Apple unlocks the phone when it comes to hackers cracking their software (assuming that it could even be done)? Apple's point is that by creating the software to unlock the phone, then hackers could get the code that they created. You seem to be implying that if Apple doesn't create the software, then it will be likely for hackers to create it instead.

 

[gjonesy]

(assuming that it could even be done)

then it will be likely for hackers to create it instead.

If apple "can" do it, then its entirely possible someone familiar enough with the software can. I'd almost bet the bureau is working on a plan "B" as we speak. Now I am a novice, but I figured out how to crack a droid. I figured out how to get around certain web filters without using a thumb drive. I have gotten around other things relating to electronic security. Based on my own experience, if apple itself is saying its possible for them, then its possible period. Its Just a matter of time I'm betting.

 

[Hornbein]

I do not understand how Apple's alleged concerns for customer privacy have any credibility at all after Apple enthusiastically cooperated with the NSA in bulk collection of "private" information. My belief is that this case is a marketing exercise intended to forestall exit of customers to possibly more reliable European vendors.

I personally am in the process of deGooglizing my life. Google has made this as inconvenient as is possible. Google no longer allows me to export gmail contacts. Fortunately I did that a few months before this feature was disabled.

Getting my ten years of email out of Google is so difficult I will never have the time (how many hundreds of hours?). But at least I can keep my newer work out of their hands. I don't want to feed their AI any more than I have to. If it can defeat the Go champion of the world, what can it do to me? I do not care to find out the hard way.

Keeping data out of their hands is too difficult. Posts to extremely obscure web sites show up in their data base immediately. I don't want to spend months installing software to try to block this. But at least I can make a symbolic gesture.

 

[Borg]

If apple "can" do it, then its entirely possible someone familiar enough with the software can. I'd almost bet the bureau is working on a plan "B" as we speak. Now I am a novice, but I figured out how to crack a droid. I figured out how to get around certain web filters without using a thumb drive. I have gotten around other things relating to electronic security. Based on my own experience, if apple itself is saying its possible for them, then its possible period. Its Just a matter of time I'm betting.

You are ignoring the point that I made about your post. The likelihood of hackers defeating the encryption on their own has nothing to do with whether Apple does it. Your speculation about what the FBI is doing is just that - speculation. Getting around miscellaneous security features on a phone is far different than cracking encryption algorithms.

 

[gjonesy]

Getting around miscellaneous security features on a phone is far different than cracking encryption algorithms.

Yes very true, and I get what you're saying, I'm just saying that the company itself has a stake in this. And who's to say that if they help the software they create is going to fall into the wrong hands? they don't even have to create the key on a computer connected to the web, stuff like that can be made as secure as the encryption itself, the real danger is leaving it to the FBI unaided to find out on their own. What if they find and hire someone who can, what if they let the information leak. They just might do that for spite cause apple fought them on it.

 

[Borg]

Yes very true, and I get what you're saying, I'm just saying that the company itself has a stake in this. And who's to say that if they help the software they create is going to fall into the wrong hands? they don't even have to create the key on a computer connected to the web, stuff like that can be made as secure as the encryption itself, the real danger is leaving it to the FBI unaided to find out on their own. What if they find and hire someone who can, what if they let the information leak. They just might do that for spite cause apple fought them on it.

This is just a trail of misc. statements that have nothing to do with each other. There are no relationships between these things.

 

[DiracPool]

Finally, Time magazine is weighing in on the Apple vs FBI debate, and the editor Nancy Gibbs is saying that, increasingly, those "in the know" are starting to come over to our, I mean Apples, side:



And let's face it, you have to trust Time magazine, right? I mean, they're sitting there at the grocery store checkout line so you can get in a quick article while the old lady in line in front of you is taking 20 minutes to write out a check. Time wouldn't risk losing that valuable exposure by printing something inaccurate

 

[gjonesy]

This is just a trail of misc. statements that have nothing to do with each other. There are no relationships between these things.

Um ok if you say so...lol That relationship you don't think exist is plastered all over the news, in fact the (op) apple vs the FBI was my biggest clue its all related lol
but what ever you say borg don't assimilate me.

 

[DiracPool]

In all seriousness, though, I think what I'm getting from all the press on this subject and from the 338 posts in this thread is that what this whole thing boils down to is NOT just a simple technical issue as to whether this single phone of the terrorists can be hacked uniquely or not. What it really comes down to is that 100,000 things must all go perfectly right and not one thing can go wrong and then yes, maybe this can be confined to this one instance. But the likelihood of that is essentially zero. So you have to ask yourself, "Do you feel lucky?" Well, do you?

What are they going to find on this phone? Considering the worldwide publicity this case has gotten, any terrorist who knows they had an association with this phone in any way has already changed their phone number, name, location, and identity anyway, so what do they hope to get out of it even if there is some relevant info on there. But there's a good chance there's nothing on there. The FBI's going to have an omelette-sized egg on their face if all they find out is that there's a few selfies on there and the phone number to dominoes pizza on speed-dial. Meanwhile, someone somewhere is selling the backdoor though the backdoor...

 

[Borg]

Um ok if you say so...lol That relationship you don't think exist is plastered all over the news, in fact the (op) apple vs the FBI was my biggest clue its all related lol
but what ever you say borg don't assimilate me.

Please feel free to take any two statements from your post #336 and show how one leads to the other.

 

[vela]

I do not understand how Apple's alleged concerns for customer privacy have any credibility at all after Apple enthusiastically cooperated with the NSA in bulk collection of "private" information.

This claim I'd like to see a credible source for. The only company I know of who "enthusiastically cooperated with the NSA" is AT&T. The other telecoms may have as well.

 

[Hornbein]

This claim I'd like to see a credible source for. The only company I know of who "enthusiastically cooperated with the NSA" is AT&T. The other telecoms may have as well.

Apple began bulk data collection in October 2012.

https://img.washingtonpost.com/wp-a...ion-documents/images/prism-slide-5.jpg&w=1484

Some resisted. Yahoo! fought the collection in court. Twitter complied but was unenthusiastic, doing the minimum. While this was going on, Microsoft/Skype were promising their users they were "committed to respecting your privacy and confidentiality." Perhaps you may understand why I am skeptical of Apple.

 

[vela]

https://img.washingtonpost.com/wp-a...ion-documents/images/prism-slide-5.jpg&w=1484

Some resisted. Yahoo! fought the collection in court. Twitter complied but was unenthusiastic, doing the minimum. While this was going on, Microsoft/Skype were promising their users they were "committed to respecting your privacy and confidentiality." Perhaps you may understand why I am skeptical of Apple.

It's a big jump between being "skeptical" and claiming Apple "enthusiastically supported" the NSA's efforts. Also, it's not like the companies could legally disclose what the government was asking/requiring them to do.

https://en.wikipedia.org/wiki/PRISM_(surveillance_program)#Companies

 

[gjonesy]

https://www.staradvertiser.com/busi...can-unlock-terrorists-iphone-prosecutors-say/
Statement 1. apple can open this phone and has a stake in doing it "in house" to protect its own product.

Yes very true, and I get what you're saying, I'm just saying that the company itself has a stake in this.

And who's to say that if they help the software they create is going to fall into the wrong hands?

refer to statement one.

the real danger is leaving it to the FBI unaided to find out on their own.

2. The FBI has cracked cell phones in the past and has the capability to do so, they have been aided by other mobile phone companies in the past so there is a president set as far as co-operation between mobile communication companies and the FBI. To think the FBI is totally incompetent in this area is wishful thinking, ask anyone convicted of possessing (illegal images) on their computer or phone.

https://leb.fbi.gov/2013/december/legal-digest-searches-incident-to-arrest-in-the-smartphone-age

they don't even have to create the key on a computer connected to the web, stuff like that can be made as secure as the encryption itself,

3. Refer to statement 1 again. apple obviously didn't use an open source template, or software you can buy at office depot, their method is proprietary therefore it is secure FOR NOW. We have malware worms Trojans ect...how do you think they operate? They target certain systems for the purpose of intrusion. To imply that the system is unbeatable is a bet I would never take. Someone is probably working on that as we speak.

What if they find and hire someone who can, what if they let the information leak. They just might do that for spite cause apple fought them on it.

4. Does the Name J Edgar Hover ring a bell, according to what I have read he was notorious for using surveillance information against politicians to get his way.
He was the head of the (FBI) and AGAIN refer to statement 1. if they were to create a master key who's to say what they might use it for, sell it to, use it against or trade in return for? Its been done in the past.

Now if you can't make sense of that then I can't help you.

 

[Borg]

Now if you can make sense of that then I can't help you.

My thoughts exactly.

 

[vela]

If apple "can" do it, then its entirely possible someone familiar enough with the software can. I'd almost bet the bureau is working on a plan "B" as we speak. Now I am a novice, but I figured out how to crack a droid. I figured out how to get around certain web filters without using a thumb drive. I have gotten around other things relating to electronic security. Based on my own experience, if apple itself is saying its possible for them, then its possible period. Its Just a matter of time I'm betting.

I doubt you cracked the Android phone in any way nearly analogous to what the FBI is asking Apple to do.

http://arstechnica.com/gadgets/2016...hones-encrypted-and-should-you-encrypt-yours/

From this and your other comments, I don't think you have a good understanding of what's Apple's being asked to do. The FBI isn't demanding Apple exploit some weakness in encryption, some weakness that someone else could find with a bit of effort. The FBI wants Apple to write and install software with security provisions removed so that the FBI can brute force its way into the phone. Only Apple can do this because only it holds the cryptographic keys necessary to sign the software so it can be installed onto the phone. Now if you can find a hole in this cryptography method—and experts have been looking for these for a long time now—congrats, you now know how to compromise every secure web session, every secure remote login, etc.

 

[nsaspook]

In all seriousness, though, I think what I'm getting from all the press on this subject and from the 338 posts in this thread is that what this whole thing boils down to is NOT just a simple technical issue as to whether this single phone of the terrorists can be hacked uniquely or not. What it really comes down to is that 100,000 things must all go perfectly right and not one thing can go wrong and then yes, maybe this can be confined to this one instance. But the likelihood of that is essentially zero. So you have to ask yourself, "Do you feel lucky?" Well, do you?

The problem is that Apples phones user security model is fundamentally flawed if Apple is the gate keeper to methods to access your private data by hacking simple passcodes (a much easier job than cracking full RSA signatures). Apple with always be one OS release from allowing the FBI to access an iPhone with their current security model of them having an override key that can install OS software to a currently user data locked phone. The problem for Apple is IMO they don't seem to want to give up this power over their products (it has value for them) to actually increase user security in future products, the FBI knows it and is playing the mandatory backdoor drum in a effort to pressure them to work a deal for future access with court orders.

 

[gjonesy]

The FBI wants Apple to write and install software with security provisions removed so that the FBI can brute force its way into the phone.

You are right in one respect, I have only read a hand full of stories on the case. But is it just this 1 phone or is the FBI asking apple to give them a remote backdoor to all iPhones? It really depends on what all they are asking. I do not see a problem with apple securing the information off the phone and giving the feds a copy...we aren't talking about remote controlling a minuteman nuclear war head here...its a phone, just a phone, that belongs to, a dead terrorist. If the FBI is asking for more than that then apple has every right to refuse, and on of all things copyright law!

 

[gjonesy]

The summation of everything I know about the case, FBI wants phone open...Apple says nope... reason given, product integrity, they made the phones secure and per policy the owner isn't asking for help so apple isn't inclined to do so. The court ordered apple to help and they appealed and are fighting that order. as far as I can see this is still more about apples reputation then it is about the security of all cell phone users.

Wont affect me cause I have a droid so I really don't care.

 

[gjonesy]

I doubt you cracked the Android phone in any way nearly analogous to what the FBI is asking Apple to do.

I get what you are saying after reading the encryption article, and as I said before I am a "novice". I cracked a droid that probably wasn't encrypted. It was a pattern locked $70 walmart phone I bought but no longer used and had simply forgot how to open it. As I was using a method for unlocking the phone it flashed a message "you may loose all personal data, do you want to proceed?" I didn't care since I was giving the phone to someone else. So I unlocked the phone and gave it away...an hour later the person brought it back cause it still had pictures, text me app data and email app data still on the phone and was still working with her sim card in it. Now I know I may not be as smart as some of you guys here, but that should also tell you something. If I can do it what could an expert do?, a professor of computer science do? A disgruntled apple employee could do? Think about that for a moment.

 

[nsaspook]

If I can do it what could an expert do?, a professor of computer science do? A disgruntled apple employee could do? Think about that for a moment.

There's no need to think about it for moment if you understand what it would take to extract the data using the base encryption as the exploit method. For that you need NSA scale raw horse-power unless that expert, professor of computer science or disgruntled apple employee steals the Apple signing key.

 

[gjonesy]

There's no need to think about it for moment if you understand what it would take to extract the data using the base encryption as the exploit method. For that you need NSA scale raw horse-power unless that expert, professor of computer science or disgruntled apple employee steals the Apple signing key.

I understand a basic system might be able to bust a 32 bit in a week, I know a 128 bit encryption is next to impossible, but this is the FBI we are talking about here not a kid with a 400 dollar set up.

http://mycrypto.net/encryption/encryption_crack.html

 

[nsaspook]

I understand a basic system might be able to bust a 32 bit in a week, I know a 128 bit encryption is next to impossible, but this is the FBI we are talking about here not a kid with a 400 dollar set up.

http://mycrypto.net/encryption/encryption_crack.html

I think most of us would rather the FBI leave that job to others with real expertise in those matters and concentrate on the basic footwork that catches most criminals, terrorist and bad guys in general.

 

[russ_watters]

In all seriousness, though, I think what I'm getting from all the press on this subject and from the 338 posts in this thread is that what this whole thing boils down to is NOT just a simple technical issue as to whether this single phone of the terrorists can be hacked uniquely or not. What it really comes down to is that 100,000 things must all go perfectly right and not one thing can go wrong and then yes, maybe this can be confined to this one instance. But the likelihood of that is essentially zero. So you have to ask yourself, "Do you feel lucky?" Well, do you?

I don't see a place for "luck" or 100,000 things that need to go perfectly here. Who says it matters and why must this "be confined to this one instance"? If it is decided by the courts that it is reasonable for Apple to crack this phone, then 6 months from now another case comes up where the same logic applies, they should crack that one too. So what? What am I missing about your concern/point?

 

[gjonesy]

The FBI wants Apple to write and install software with security provisions removed so that the FBI can brute force its way into the phone.

Ok this statement jumped out at me on a second reading of the post. So the FBI wants apple to use its own cryptographic key software just to remove the fail safes from the iPhone (SO THEY the FBI can crack the phone)? Is this correct?

I have 2 questions about this,

1. is it possible that after apple installs the key they could copy it?

2. if they can (copy the cryptographic key software) could it be used remotely without a users knowledge?

Again I am a novice when it comes to IT security so enlighten me.

If the answer is no to either question I still don't see the problem. If the key can't be used remotely then the FBI would have to have a phone in their custody to even use it correct?

 

[nsaspook]

Ok this statement jumped out at me on a second reading of the post. So the FBI wants apple to use its own cryptographic key software just to remove the fail safes from the iPhone (SO THEY the FBI can crack the phone)? Is this correct?

I have 2 questions about this,

1. is it possible that after apple installs the key they could copy it?

2. if they can (copy the cryptographic key software) could it be used remotely without a users knowledge?

Again I am a novice when it comes to IT security so enlighten me.

If the answer is no to either question I still don't see the problem. If the key can't be used remotely then the FBI would have to have a phone in their custody to even use it correct?

Apple uses its private signing key to authenticate (signed code) the FBI requested software is a valid program for the existing firmware on the phone to install unconditionally if it's also in the correct format. The FBI is not asking for (yet) and does not get the private key, they only get code signed with it. In theory if Apple designed the code to only work with the one phones internal serial or ID key it would be impossible to use it on other phones without altering (changing the hash) of the signed code and invalidating the 'OK to install' authentication.

cryptographic key process

 

[joema]

..The FBI is not asking for (yet) and does not get the private key, they only get code signed with it...

While technically true in the most formal sense, they have apparently threatened to do this:

http://www.zdnet.com/article/fbi-co...d-private-key-allowing-feds-to-ghost-iphones/

 

[nsaspook]

While technically true in the most formal sense, they have apparently threatened to do this:

http://www.zdnet.com/article/fbi-co...d-private-key-allowing-feds-to-ghost-iphones/

To threatened the MAD option on the USA tech sector shows just how far out of touch with reality the FBI is on encryption vs rights. How long to you think it would take this information to leak from the FBI (unspoken threat)? More proof that the Apple phone user security model is fundamentally flawed when there are no limits to side-channel attacks on Apple to gain access to users secrets.

 

[zoobyshoe]

Ok this statement jumped out at me on a second reading of the post. So the FBI wants apple to use its own cryptographic key software just to remove the fail safes from the iPhone (SO THEY the FBI can crack the phone)? Is this correct?

So much of this is explained in the very first link of the opening post:

http://www.wired.com/2016/02/apples-fbi-battle-is-complicated-heres-whats-really-going-on/